Day 3 p2 - security

©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

HP Enterprise Security

Aarij M Khan

Director of Product Marketing

HP Enterprise Security Products

The Problem

3

Mega trends

Changing Workforce

Technology Advancements

Evolving Business Models

IT architectures are evolving rapidly….

Transparent

Abstracted New architecture create security challenges

Security protection must focus on users and applications

Physical

Network

IaaS

O/S

Platform

Application

O/S

Platform

Application

PaaS

Application

Mobile Backend

Application

Users Users Users Users

Threat and risks are expanding in frequency and intensity

Cyber crime is increasing…

And traditional security solutions are falling short!

Multiple Technologies Lots of Information No Intelligence

Bolted On Architecture-Specific Lacking Automation

Limited Context

Application Scanning Firewall IPS SIEM Anti-X Web

Technology

End Point Applications

Network Scanners Compliance

User IT Operations

Information

Bolted On Architecture-Specific Lacking Automation

Limited Context

Traditional Solutions

Attack surface has grown as control & visibility have declined

SECURITY IS A MAJOR CIO CHALLENGE

7 © Copyright 2011 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

26% more pressing than closest challenge for cloud adoption

The Solution

Using Security Intelligence Platform

HP Business Risk Management Strategy

9

Business Risk management & compliance

Security IT Rollup to security

intelligence

Mobile

Virtu

al

Clo

ud

Unify the security layers

Users

Applications

Data

Systems

Networks

Applications

Data

Systems

Networks

Users

Integrate Security & IT management

HP Enterprise Security • 1,500 security professionals from ArcSight, Fortify and TippingPoint teams

• 1,500 security professionals in HP Enterprise Security Services

• Top five security company by market share (leader in SIEM, Log Mgt, AppSec, Network Security)

Magic Quadrant for Network Intrusion Prevention Systems December 2010.

=HP

The Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from HP.

Magic Quadrant for Static and Dynamic Application Security Testing December 2010 and December 2011.

Magic Quadrant for Security Information and Event Management May 2011.

HP has the only security intelligence platform that gives clients the insight to proactively manage their specific enterprise threats and risks.

The only security intelligence platform that gives clients the insight to proactively manage

their specific enterprise security threats and risks

HP Security Intelligence Platform

12

Establish complete visibility

across all applications and

systems

Analyze vulnerabilities in

applications and operations

to understand risk

Respond adaptively to

build defenses against the

exploitation of vulnerabilities

Measure security effectiveness

and risk across people, process,

and technology to improve over

time

Information

Security Intelligence Platform

ENTERPRISE SECURITY SERVICES

IT PERFORMANCE SUITE

Operations Application

Contextual Information

Complete Visibility

Research-Backed

Automated, Proactive &

Adaptive

Hybrid

(Physical/Virtual/Cloud)

Information

Enterprise Security – HP Confidential

ESP Security Solutions

Universal Log Management

Regulatory Compliance

Proactive Network Security

Insider Threat Intelligence

Advanced Threat Intelligence

Privacy Breach Intelligence

Data Leakage Monitoring

Application Security

The Product Solutions

14 Enterprise Security – HP Confidential

INDUSTRY LEADING HP SECURITY SOLUTIONS

1

5 © Copyright 2011 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

Magic Quadrant for Network Intrusion Prevention Systems 6 December 2010.

=HP

The Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from HP.

Magic Quadrant for Static Application Security Testing 13 December 2010.

Magic Quadrant for Security Information and Event Management 13 May 2011.

HP ArcSight Solution Architecture

Establish complete visibility

Analyze events in real time to deliver insight

Respond quickly to prevent loss

Measure security effectiveness across people, process, and technology to improve over time

Event Correlation

Log Management

App Monitoring

Controls Monitoring

User Monitoring

Fraud Monitoring

Data Capture

A comprehensive platform for monitoring modern threats and risks, augmented by services expertise and the most advanced security user community, Protect724

Information

HP TippingPoint Network Defense System

Scalable Infrastructure to address current and future security deployment models (NG IPS/FW)

Dynamic Analytics and policy deployment with real time (NG Mgmt) Predictive Intelligence to proactively address current and future threat activity (DV Labs)

Next Gen IPS Next Gen Firewall

DVLabs Research

Next Gen Mgmt

Netwrk

A complete set of security solutions that address today's advanced security threats at the perimeter and core of your business.

Network Defense System

Applications Operations

HP Fortify Software Security Center

Enterprise Security – HP Confidential

Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house or from vendors.

Protects business critical applications from advanced cyber attacks by removing security vulnerabilities from software

Accelerates time-to-value for achieving secure applications

Increases development productivity by enabling security to be built into software, rather than added on after it is deployed

Delivers risk intelligence from application development to improve operational security

In-house Outsourced

Commercial Open source

Applications

A real world example: RSA

19 Enterprise Security – HP Confidential

What happened in the RSA breach?

Finance person receives a junk email

Opens to see 2012 Recruitment plan with .xls file

RAT program installed utilizing Adobe Flash vulnerability

Split file, encrypt, ftp to good.mincesur.com

RSA is in the headlines Collect data over a

period of time

Poison Ivy malware is initiated NMAP scan of network to

collect sensitive information

What if RSA was using HP ESP solutions?

Finance person receives a junk email

Opens to see 2012 Recruitment plan with .xls file

RAT program installed utilizing Adobe Flash vulnerability

Split file, encrypt, ftp to good.mincesur.com

RSA is in the headlines Collect data over a

period of time

Poison Ivy malware is initiated NMAP scan of network to

collect sensitive information

Security model is broken with bolted on security at every layer

1

Use HP TippingPoint solutions to block malicious payload at the perimeter

4

Use HP ArcSight solutions to correlate roles and responsibilities against tasks

5

Use HP ArcSight solutions to monitor your users, applications, and

infrastructure

6 Use HP TippingPoint to block traffic to malicious domain and HP ArcSight to correlate login/logout with network access

7

Use HP Fortify solutions to eliminate vulnerabilities in applications

3 2

Use HP TippingPoint solutions to block traffic from malicious senders

Effective Enterprise

Security!

8

Intelligent ESP Integrations

22 Enterprise Security – HP Confidential

Fortify intelligence integrated with HP ALM and HP Quality Center

• Software Security Center or WebInspect submits

security vulnerabilities to HP Application Life Cycle

Management (ALM) or HP Quality Center as defects

• Security Vulnerabilities can then be managed as

software defects by development teams

• Software Security Center remains the system of

record for security vulnerabilities

– Enables development teams to manage security

vulnerabilities just like any other defect

– Formalizes workflow for addressing security

vulnerabilities

– Improves security assurance for applications

Secure Application Lifecycle Management

Correlation Zone

1) Connection activity is

reported by FW. ESM

correlates coms to C&C

via RepDV to internal

private IP and user ID’s

1

Updates to ESM via ThreatLinQ

IPS IPS

Policy Mgmt

(SMS)

Enforcement Zone

3 3

3) SMS sends action set to IPS.

Endpoints are now blocked and

quarantined for remediation

2

2) ESM instructs SMS to quarantine

internal endpoints for remediation

4) Identity based reporting

provides visibility to endpoint

infection by dept/groups

4

RepDV LightHouse Events Filters Malware Analysis

ThreatLinQ

1

Identify bots and quarantine devices for remediation

Reputation Security Monitor

Adaptive technology to protect web applications

• What it is

– Advanced web application scanning to uncover

vulnerabilities combined with adaptive IPS response

– WebInspect information passed to WebAppDV to auto-

generate IPS filters for virtual vulnerability patch

• Benefits

– Protection for custom and commercial web applications

– Inspection of encrypted and non-encrypted traffic (ideal for

web commerce apps)

– Elimination of tuning required by legacy WAFs

Adaptive Web Application Firewall (WAF) Technology HP WebInspect Scan

Vulnerability Report

Vulnerability Page and Parameter

Internet

2

1

3

4

SSL

IPS

Why HP Enterprise Security Products

27

• Industry-leading, automated security solutions and visibility

– ArcSight, Fortify, TippingPoint all MQ Leaders/Best in Class

– Security intelligence delivered in context

– Trusted, proactive and automated action

– Cloud-ready

• Worlds best research for security intelligence and risk management

– Best in class application security and network security research

– Discovers more vulnerabilities than the rest of the market combined

• Integrated with leading IT operations solutions – Universal Log Management tied to Systems Event Management

– Enhanced asset and threat modeling

– A key component of the HP IT Performance Suite

THANK YOU

28 Enterprise Security – HP Confidential